Author Archives: Jyri Lehtonen

Update SCCM 2012 to SP1 CU1

Purpose: You have installed SCCM SP1, but its not up to date anymore, Aieee! Do something again!

So you thought you are safe now that the SP1 is installed and all your worries will go away? Wrong! SP1 created some new issues and did not fix all the original issues you might have had with the system. So I urge you to update SCCM 2012 SP1 to the following Comulative Update 1, which will help you to grow less grey hair. With all these different issues, there will most likely be updates more in the future, but do not wait for SP2 to appear, it could take a while.

Bug fixes in Configuration Manager 2012 SP1 CU1 (Includes download link)

Update SCCM 2012 to SP1

Purpose: You installed RTM version, and its now not up to date anymore, Aieee! Do something!

Let me begin by pointing out the obvious here: you do not need this update because of all the new features it gives, you need this update because of all the bug fixes it does! My god, that almost rhymed, I could start writing poetry. The post is divided into two parts: the first part containing the requirements that you need to do before you can move to the second part, which is the actual installation of the update. Do not step over the first part, you really do need to do all of these.

Bug fixes in Configuration Manager 2012 SP1

New features in Configuration Manager 2012 SP1 (Referenced)

Read from an Active Directory computer object attribute (VBS)

Purpose: You have information that you need to read from an AD object attribute

Now that you have an attribute full of exiting new information, you need to get it down for business! From SCCM point of view – this usually is an AD computer object attribute (which value could be, for example, the physical location of the computer or the year the computer has been purchased, etc.). Yes well im glad if you also had read my previous article “Write to an Active Directory computer object attribute (VBS). You should know then that I really did not bother to come up with anything original to this description, its just a copy paste! But the script below really does what the topic claims it to do. With the script you can read the attribute value and continue your adventure with it anyway you want!

Usage: cscript.exe IT_OSD_VBS_ReadComputerADAttribute.vbs (no parameters exist)
Debugging: You can uncomment the msgbox rows, to see what values you are receiving.
Configuration: You need to change the AD Attribute that you want to read.

Continue Reading

Write to an Active Directory computer object attribute (VBS)

Purpose: You have information that you need to write to an AD objects attribute

Fancy stuff: you are in a dire need to automate AD object attribute writing. Usually (from SCCM point of view) this object is a computer object, and the attribute contains some additional information about the computer that your corporation has requested. This additional information could be, for example, the physical location of the computer or some specific owner details. The script below allows you to write to the current computer AD object (because it is used usually in a task sequence). Happy writing!

Usage: cscript.exe IT_OSD_VBS_WriteToComputerObjectAttribute.vbs (no parameters exist)
Debugging: You can uncomment the msgbox rows, to see what values you are receiving.
Configuration: You need to change the AD Attribute that you want to write to

Continue Reading

Show Workstation Name in Computer Icon and Start Menu (BAT)

Purpose: Show the Workstation name on Desktop and Start Menu (natively)

The case everyone is familiar with (more or less) is the case of getting a customer to tell the support personnel their computer name. This can be done with multiple different ways (tag the computer with stickers, link username and computer name in your management tool, or create something that helps the user to tell it). The way I’m going to demonstrate is suited for some cases: create something that helps the user to tell it. In this case it is going to be by renaming the “Computer” icon on the public desktop and forcing it to be shown there. This will also then rename the Start Menu “Computer”.

Requirements: SetACL.exe (http://helgeklein.com/setacl/) / included in the download
Usage: start “Configure” /wait IT_OSD_BAT_ShowWorkstationNameInMyComputer.bat
Debugging: The script must be ran as NT AUTHORITY/SYSTEM (ie. the installing force of SCCM).
Configuration: No need.
Continue Reading

Enable Remote Desktop from Command-line (BAT)

Purpose: Enable Remote Desktop on Workstations from Command-line

To gain access to the unsuspecting victims.. er.. customers, you can use the magnificent built-in tool of RDP! This even allows you to do your work hidden so the customer will not actually see what you are doing, how neat is that? (Well of course this is not neat in a situation where the customer wants to show you something but lets not go into that.) To enable RDP on a remote workstation, you can use the following registry change. Like many configuration options, this can be implemented through various ways. This script can be added to SCCM as an application and use the registry change as Detection Method. This way – if the setting is already as we want – SCCM will not do anything on the workstation.

Usage: start “Configure” /wait IT_OSD_BAT_EnableRemoteDesktop.bat

Continue Reading

Enable Remote Registry Service (BAT)

Purpose: Start the Remote Registry service during system startup

In corporate environments, administrative users and support personnel might need to be able to access the remote workstation registry. In these scenarios, the work can be done without disturbing the customer and then just informing the customer that the fix has been made. Unless this is set in the workstation image, you need to enable this afterwards. Luckily it can be done easily through SCCM application deployment. There are plenty alternative ways to do this (GPO, Login script, OS image, Packages, etc.). This method is just as straightforward as any of them and allows you to track its progress through the environment using the built-in tools of SCCM.

Usage: start “Configure” /wait IT_OSD_BAT_EnableRemoteDesktop.bat
Debugging: Occurs during next login. Should you need faster, start it instantly as well.
This can be done by running the following command: sc.exe start RemoteRegistry. The extra registry key is just for SCCM to be used as an application anchor (detection method).

Continue Reading

Move a Computer to an Active Directory Organizational Unit (VBS)

Purpose: During a SCCM 2012 Computer Deployment, troubleshoot your AD permissions

Ok – before you start with all the “Hey dude, there is a built-in action to do this!” -talks, hear me out first. Remember all those SCCM Task Sequence changes you made? And then tried the Task Sequence out by installing an operating system? You noticed that you had problems getting a computer to move to the correct Active Directory (AD) Organisational Unit (OU)? Made some troubleshooting changes and then tried again? Here is where this script will come in handy! You do not need to run through the Task Sequence just to see if your computer will now actually move to the correct OU (because this can take an hour, right?). You could do a new Task Sequence, with only one action, just to test if your workstation moves around AD  – but lets not stress that delicate System Center product with this. Most of the time problems with handling workstations in AD through SCCM are about permissions.

Usage: cscript.exe IT_OSD_VBS_MoveComputerADOU.vbs (no parameters exist)
Debugging: You can uncomment the msgbox rows, to see what values you are receiving.
Configuration: You need to change the AD OU location to suit your own environment.

Continue Reading

Join a Computer to an Active Directory Security Group (VBS)

Purpose: During a SCCM 2012 Computer Deployment, join the current computer to an AD SG

So you have been given a task to automate installations, welcome. More importantly,  there are several (… OK, one is enough) actions that occur to the desktop if it would be a member of an Active Directory (AD) Security Group (SG).  There is no automatic GUI to do this in System Center 2012 Configuration Manager (even SCCM 2012 SP1 wont save you on this one). Therefore you must script it. My example is straightforward. First you must know the LDAP of the SG you want the computer to join.  If you are new to this, in this case LDAP is a fancy word for “AD PATH”.  An example of AD PATH to a SG:

Continue Reading

Create a Folder from an Environmental Variable (VBS)

Purpose: Create a folder, which name is received from an environmental variable.

You might need to create a folder (deliver a file, get the string, etc.) based on a custom environmental variable.  In my scenario, I had an installation done differently across the domain. The only way to deliver a file to the installation directory was to either check which folder exists in the workstation (and hope you found all the permutations) or use the environmental variable (that was same in each workstation). I chose the environmental variable. In this example, a usually existing environmental variable %WINDIR% (the location of the windows installation) is used.

Usage: cscript.exe IT_APP_VBS_CreateFolderFromEnvironmentalVariable (no parameters exist)

Configuration: You need to change the folder location and environmental variable to match.

Continue Reading